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1 . The Art Unit location of your application in the USPTO has changed. To aid in 
correlating any papers for this application, all further correspondence regarding this 
application should be directed to Art Unit 2617. 



DETAILED ACTION 
Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

3. Claims 1-5, 7-13, 15-22, 24, and 25 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Haverinen et al. (2002/0,012,433). 

With respect to claim 1, Haverinen discloses a method in a telecommunication 
system for allowing a SIM-based authentication to users of a wireless local area 
network who are subscribers of a public land mobile network (See Haverinen’s 
abstract, see figure 7 & 8, sections [0242] - [0244], [0247], [0249] - [0251], [0255] - 
[0258]), the method comprising the steps of: 

(a) a wireless terminal accessing the wireless local area network through an 
accessible Access Point (See Haverinen’s abstract, see figure 7 & 8, sections [0242] 
- [0244], [0247], [0249] - [0251], [0255] - [0258]); 




Application/Control Number: 10/510,498 
Art Unit: 2617 



Page 3 



(b) discovering an Access Controller interposed between the Access Point and the 
public land mobile network from the wireless terminal (See Haverinen’s abstract, see 
figure 7 & 8, sections [0242] - [0244], [0247], [0249] - [0251], [0255] - [0258]); 

(c) carrying out a challenge-response authentication procedure between the wireless 
terminal and the public land mobile network through the Access Controller (See 
Haverinen’s abstract, section [0018], [0020], [0021], [0022], [0029], [0034], [0109], 
[0138], [0170], [0315], see additional information at section [0009] - [0013]), the 
wireless terminal provided with a SIM card and adapted for reading data thereof (See 
Haverinen’s abstract, see figure 7 & 8, sections [0242] - [0244], [0247], [0249] - 
[0251], [0255] - [0258]); the method characterized in that the challenge-response 
authentication submissions in step c) take place before having provided IP connectivity 
to the user (See Haverinen’s abstract, section [0014] - [0029], [0343]), and are 
carried: 

- on top of a Point-to-Point layer 2 protocol (PPPoE) between the wireless 
terminal and the Access Controller (See Haverinen’s [0343]); and 

- on an authentication protocol residing at application layer between the 
public land mobile network and the Access Controller (See Haverinen’s [0003], [0263]- 
[0269]); and the method further comprises a step of: 

(d) offering IP connectivity to the user at the wireless terminal, by sending an 
assigned IP address and other network configuration parameters, once said user 
has been validly authenticated by the public land mobile network (See Haverinen’s 
abstract, section [0014] - [0029], [0343]). 
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With respect to claim 15, Haverinen discloses an Access Controller in a 
telecommunication system that comprises a wireless local area network including at 
least one Access Point, a public land mobile network, and at least one Terminal 
Equipment provided with a SIM card and adapted for reading subscriber data thereof 
(See Haverinen’s abstract, see figure 7 & 8, sections [0242] - [0244], [0247], [0249] 
- [0251], [0255] - [0258]), the Access Controller characterized in that it comprises: 

(a) a Point-to-Point layer 2 protocol (PPPoE) server for communicating with the 
wireless terminal, and arranged for tunneling the challenge-response authentication 
procedure (See Haverinen’s abstract, section [0343], [0018], [0020], [0021], [0022], 
[0029], [0034], [0109], [0138], [0170], [0315], see additional information at section 
[0009] -[0013]); and 

(b) an authentication protocol residing at an OSI application layer for 
communicating with the public land mobile network (See Haverinen’s [0003], [0263]- 
[0269]). 

With respect to claim 25, Haverinen discloses a telecommunication system 
comprising a wireless local area network that includes at least one Access Point, a 
public land mobile network, and at least one Terminal Equipment provided with a SIM 
card and adapted for reading subscriber data thereof, characterized in that it further 
comprises the Access Controller in claims 15 for allowing SIM-based subscriber 
authentication to users of the wireless local area network who are subscribers of the 
public land mobile network (See Haverinen’s abstract, see figure 7 & 8, sections 
[0242] - [0244], [0247], [0249] - [0251], [0255] - [0258]). 
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With respect to claim 2, Haverinen discloses a method wherein the step b) of 
discovering an Access Controller includes a step of establishing a Point-to-Point 
Protocol session between a Point-to-Point over Ethernet (PPoE) Protocol client in the 
wireless terminal and a Point-to-Point over Ethernet (PPoE) Protocol server in the 
Access Controller (See Haverinen’s abstract, see figure 7 & 8, sections [0242] - 
[0244], [0247], [0249] - [0251], [0255] - [0258]). 

With respect to claim 3, Haverinen discloses a method wherein the step c) of 
carrying out the challenge-response authentication procedure (See Haverinen’s 
abstract, section [0018], [0020], [0021], [0022], [0029], [0034], [0109], [0138], [0170], 
[0315], see additional information at section [0009] - [0013]) include the steps of: 

(cl) sending a user identifier from the wireless terminal to the public land mobile 
network through the Access Controller (See Haverinen’s see figure 9, section [0263]- 
[0279]); 

(c2) receiving an authentication challenge at the wireless terminal from the 
public land mobile network via the Access Controller (See Haverinen’s see figure 9, 
section [0263]-[0279]); 

(c3) deriving encryption key and authentication response at the wireless terminal 
from the received challenge (See Haverinen’s see figure 9, section [0263]-[0279]); 

(c4) sending the authentication response from the wireless terminal to the public 
land mobile network through the Access Controller (See Haverinen’s see figure 9, 
section [0263]-[0279]); 

(c5) receiving at the Access Controller an encryption key from the public land 
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mobile network (See Haverlnen’s see figure 9, section [0263]-[0279]); and 
(c6) extracting the encryption key received for further encryption of 
communication path with the wireless terminal (See Haverlnen’s see figure 9, section 
[0263]-[0279]). 

With respect to claim 4, Haverinen discloses a method further comprising the 
step of shifting authentication information received on top of a Point-to-Point layer 2 
protocol upwards to an authentication protocol residing at application layer for 
submissions toward the public land mobile network (See Haverinen’s see figure 9, 
section [0285]-[0305]). 

With respect to claim 5, Haverinen discloses a method further comprising the 
step of shifting authentication information received on an authentication protocol 
residing at application layer downwards on top of a Point-to-Point layer 2 protocol for 
submissions toward the wireless terminal (See Haverinen’s see figure 9, section 
[0285]-[0305]). 

With respect to claim 7, Haverinen discloses a method wherein the step d) of 
sending an IP address includes a previous step of requesting such IP address from a 
Dynamic Host Configuration Protocol server (See Haverinen’s see figure 9, section 
[0263]-[0279]). 

With respect to claim 8, Haverinen discloses a method wherein the 
communication between the Access Controller and the public land mobile network goes 
through an Authentication Gateway of said public land mobile network (See 
Haverinen’s see figure 9, section [0263]-[0279]). 
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With respect to claim 9, Haverinen discloses a method wherein the 
communication between the Access Controller and the Authentication Gateway of a 
public land mobile network goes through an Authentication Server of the wireless local 
area network in charge of authenticating local users of said wireless local area network 
who are not mobile subscribers (See Haverinen’s see figure 9, section [0263]- 
[0279]). 

With respect to claim 10, Haverinen discloses a method wherein the user 
identifier in step c) comprises a Network Access Identifier (See Haverinen’s see figure 
16, section [0346], [0371]). 

With respect to claim 1 1 , Haverinen discloses a method wherein the user 
identifier in step c) comprises an International Mobile Subscriber Identity (See 
Haverinen’s see figure 9, section [0263]-[0279], see additional information at 
section [0242], [0244], [0247], [0250], [0255], [0258]). 

With respect to claim 12, Haverinen discloses a method wherein the 
authentication protocol residing at application layer in step c) is an Extensible 
Authentication Protocol (See Haverinen’s see figure 16, section [0342]-[0347], 
[0348]-[0350]). 

With respect to claim 13, Haverinen discloses a method wherein this Extensible 
Authentication Protocol is transported over a RADIUS protocol (See Haverinen’s see 
figure 16, section [0342]-[0347], [0348]-[0350] and [0323]). 

With respect to claim 16, Haverinen discloses an Access Controller further 
comprising: 
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(a) means for shifting the information received on top of the Point-to-Point layer 2 
protocol upwards to the authentication protocol residing at application layer (See 
Haverinen’s see figure 9, section [0285]-[0305]); and 

(b) means for shifting the information received on the authentication protocol 
residing at application layer downwards on top of the Point-to-Point layer 2 
protocol (PPPoE) (See Haverinen’s see figure 9, section [0285]-[0305]). 

With respect to claim 17, Haverinen discloses an Access Controller further 
comprising means for requesting an IP address from a Dynamic Host Configuration 
Protocol server, after a user has been successfully authenticated by his public land 
mobile network (See Haverinen’s see figure 9, section [0263]-[0279]). 

With respect to claim 18, Haverinen discloses an Access Controller adapted for 
communicating with a wireless terminal via an Access Point (See Haverinen’s 
abstract, see figure 7 & 8, sections [0242] - [0244], [0247], [0249] - [0251], [0255] - 
[0258]). 

With respect to claim 19, Haverinen discloses an Access Controller adapted for 
communicating with a public land mobile network via an Authentication Gateway (See 
Haverinen’s see figure 9, section [0263]-[0279]). 

With respect to claim 20, Haverinen discloses an Access Controller adapted for 
communicating with an Authentication Gateway via an Authentication Server 
responsible for authenticating local users of a wireless local area network (See 
Haverinen’s see figure 9, section [0263]-[0279]). 
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With respect to claim 21 , Haverinen discloses an Access Controller wherein the 
authentication protocol residing at application layer is an Extensible Authentication 
Protocol (See Haverinen’s see figure 16, section [0342]-[0347], [0348]-[0350]). 

With respect to claim 22, Haverinen discloses an Access Controller wherein this 
Extensible Authentication Protocol is transported over a RADIUS protocol (See 
Haverinen’s see figure 16, section [0342]-[0347], [0348]-[0350] and [0323]). 

With respect to claim 24, Haverinen discloses a wireless terminal comprising 
functionally for acting as a Point- to-Point layer 2 protocol (PPPoE) client and having an 
Extensible Authentication Protocol on top of this Point-to-Point layer 2 protocol (See 
Haverinen’s see figure 9, section [0285]-[0305]). 



Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



5. Claims 6, 14, and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Haverinen et al. (2002/0,012,433) in view of well-known prior art (MPEP 2144.03). 



With respect to claim 6, Haverinen discloses a method of establishing at the 
wireless terminal an encryption path by using the previously derived encryption keys at 
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the Access Controller and wireless terminal. Haverinen does not disclose a symmetric 
encryption. However, an official notice is taken that the concept and use of symmetric 
encryption are well known and expected in the art. Therefore, it would be obvious to one 
of ordinary skill in the art to apply the symmetric encryption in the above for 
authentication purposes. 

With respect to claim 14 and 23, Haverinen discloses a method wherein 
Extensible Authentication Protocol is used. Haverinen does not disclose the EAP is 
transported over a Diameter protocol. However, an official notice is taken that the 
concept and use of Diameter protocol are well known and expected in the art. 

Therefore, it would be obvious to one of ordinary skill in the art to transport EAP over a 
Diameter protocol. 



Conclusion 

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Sayed T. Zewari whose telephone number is 571-272- 
6851. The examiner can normally be reached on 8:30-4:30. 

7. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s 
supervisor, Lester G. Kincaid can be reached on 571-272-7922. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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8. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Sayed T. Zewari 
August 16, 2007 




LESTER G. KINCAID 
SUPERVISORY PRIMARY EXAMINER 




